Meinberg LCES Manual Download | Manualshive

Page: 24 / 180

background image

6.2 Securing Management

The most secure way to configure a LANTIME is to connect the client directly to the LANTIME, until only
secure channels are established. This guide uses the web interface over ssl as example.

After connecting a reference clock and the following start procedure of a LANTIME, an IP address can be
configured via the front panel (see chapter "LTOS Management and Monitoring

→

"). Now it is

possible to connect to the web interface using the configured ip address. Use the initial credentials to login.

User:

root

Password:

timeserver

After you connected successfully, the first thing to do is to check, if it exists a new firmware version (see
section

for update instructions). After the update is performed, generate or inject a ssl certificate. This

example uses a new one. Figure

shows the button to start the generation.

Figure 6.4: Generate SSL certificate step 1

On the next step you have to enter the information needed for the certificate (see also chapter "LTOS Man-
agement and Monitoring

→

Via Web Gui

→

"). Figure

shows the form. As key length, use 2048 or

higher. Shorter durations of the period of validity are better than longer. In this example we select three years
as a good trade of short duration and an acceptable management cost.

Figure 6.5: Generate SSL certificate step 2

20

Date: 2nd July 2020

LANTIME CPU Expansion Shelf

«
...
22
23
24
25
26
...
»

Summary of Contents for LCES

Page 1: ...MANUAL LANTIME CPU Expansion Shelf LCES NTP LNE RPS BGT 2nd July 2020 Meinberg Funkuhren GmbH Co KG ...

Page 2: ......

Page 3: ...Informations 18 6 2 Securing Management 20 6 3 User Management Administration 24 6 3 1 LANTIME User Management 24 6 3 2 External User Authentication Radius and TACACS 25 6 4 Securing Time Service NTP 26 6 5 Event Log Delivery 28 6 6 Update And Backup LANTIME Firmware 29 7 LANTIME Basic Configuration Wizard 32 8 Introduction Configuration LANTIME 33 9 LTOS7 Management and Monitoring 34 9 1 Via Web ...

Page 4: ...nt Technical Information 169 11 1 LAN CPU Time Server Module 170 11 2 LNE GbE Additional Ethernet Ports 171 11 3 Power Connector 172 11 4 Refclock In 173 11 5 PPS In 173 12 RoHS and WEEE 174 13 Declaration of Conformity 175 Date 2nd July 2020 LANTIME CPU Expansion Shelf ...

Page 5: ...nkuhren GmbH Co KG Lange Wand 9 31812 Bad Pyrmont Germany Phone 49 0 52 81 93 09 0 Fax 49 0 52 81 93 09 230 Internet https www meinbergglobal com Mail info meinberg de Date 02 07 2020 LANTIME CPU Expansion Shelf Date 2nd July 2020 1 ...

Page 6: ...ly continue if you have understood and fulfilled all requirements In this documentation dangers and indications are classified and illustrated as follows DANGER The signal word indicates an imminently hazardous situation with a high risk level This notice draws attention to an operating procedure or similar proceedings of which a non observance may result in serious personal injury or death WARNIN...

Page 7: ...s elektrischen Schlages Caution risk of electric shock IEC 60417 5041 Vorsicht heiße Oberfläche Caution hot surface IEC 60417 6056 Vorsicht Gefährlich sich bewegende Teile Caution moving fan blades IEC 60417 6172 Trennen Sie alle Netzstecker Disconnection all power plugs IEC 60417 5134 Elektrostatisch gefährdete Bauteile Electrostatic Sensitive Devices IEC 60417 6222 Information generell Informati...

Page 8: ... for the purpose described in this manual In particular the given limits of the device must be observed The safety of the installation in which the unit is integrated is the responsibility of the installer Non observance of these instructions can lead to a reduction in the safety of this device Please keep this manual in a safe place This manual is intended exclusively for electricians or persons ...

Page 9: ...nstallation in an air conditioned control cabinet required Transport Unpacking Installation If the unit is brought into the operating room from a cold environment condensation may occur wait until the unit is temperature controlled and absolutely dry before operating it When unpacking setting up and before operating the equipment be sure to read the information on the hardware installation and the...

Page 10: ...erly and are undamaged Pay particular attention to the facts that the cables do not have kinks or that they are not too short around corners and no objects are placed on the cables Also make sure that all connections are secure Faulty shielding or cabling will endanger your health electrical shock and may destroy other equipment Ensure that all necessary safety precautions have been taken Make all...

Page 11: ...mains socket on the appliance or the mains socket of the house installation is freely accessible to the user so that the mains cable can be pulled out of the socket in case of emergency Outside the assembly group the device must be disconnectable from the power supply in accordance with the provisions of IEC 60950 1 e g by the primary line protection Installation and disassembly of the power suppl...

Page 12: ...ductor via the protective earth connection terminal If an external earth connection is provided on the housing it must be connected to the equipotential bonding rail grounding rail The mounting parts without cable are not included in the scope of delivery Note Please use a grounding cable 1 5 mm2 Always pay attention to a correct crimp connection 8 Date 2nd July 2020 LANTIME CPU Expansion Shelf ...

Page 13: ...d and when the doors are closed cooling fire protection shielding against electrical magnetic and electromagnetic fields Switch off in fault service case By switching off the devices are not disconnected from the power supply In the event of a fault or service case the devices must be immediately disconnected from all power supplies Follow the steps below Switch off the device Disconnect all power...

Page 14: ...or the user and result in a loss of warranty as well as an exclusion of liability Danger due to moving parts keep away from moving parts Device parts can become very hot during operation Do not touch these surfaces If necessary switch off the unit before installing or removing any equipment and allow it to cool down 2 7 Handling Batteries CAUTION The lithium battery on the receiver modules has a s...

Page 15: ...ion Prepare removal and installation of assemblies Unload yourself for example by touching a grounded object before touching assemblies Ensure that you wear a grounding strap on the wrist when working with such assemblies which you attach to an unpainted non conductive metal part of the system Use only tools and devices that are free from static electricity Transporting Assemblies Assemblies may o...

Page 16: ...oduct symbol on the left indicates that this electronic product must not be disposed of in domestic waste Return and Collection Systems For returning your old equipment please use the country specific return and collection systems available to you or contact Meinberg The withdrawal may be refused in the case of waste equipment which presents a risk to human health or safety due to contamination du...

Page 17: ...e case Details of the components are described below LAN CPU T E R M USB LAN 0 POWER LAN CPU T E R M USB LAN 0 POWER LAN CPU T E R M USB LAN 0 POWER Power Power LAN CPU T E R M USB LAN 0 POWER LAN CPU T E R M USB LAN 0 POWER LAN CPU T E R M USB LAN 0 POWER LAN CPU T E R M USB LAN 0 POWER LNE GE 10 100 1000 Power Power LAN CPU T E R M USB LAN 0 POWER LNE GE 10 100 1000 LNE GE 10 100 1000 LNE GE 10 ...

Page 18: ...aterial Aluminium Temperature range Operation 0 50 C 32 122 F Storage 20 70 C 4 158 F Relative humidity Operation 85 max Operation height Operation 2000 m 6562 ft above sea level Acoustics 0 dB A IP protection class IP20 14 Date 2nd July 2020 LANTIME CPU Expansion Shelf ...

Page 19: ...4 Technical specifications 3U Chassis Housing dimensions LANTIME CPU Expansion Shelf Date 2nd July 2020 15 ...

Page 20: ...f a reference time source such as a radio controlled clock satelliet receiver or modem time distribution Stratum 1 Servers distribute their time to several clients in the network which are called Stratum 2 Highly precise synchronization is feasible because of the several time references Every computer synchro nizes itself with up to three valued time sources NTP enables the comparison of the hardw...

Page 21: ...verview securing the management securing the time services and additional information about event log delivery Finally some advisories for the update process of a LANTIME are given The general knowledge about public key infrastructures RSA symmetric keys and the protocols SSL SSH NTP and SNMP is assumed Legend considered secure can be configured to be secure unsecure Figure 6 1 LANTIME Services LA...

Page 22: ...u can activate the other services over SNMP The delivery of secured time information is only available for NTP Please note that the NTP protocol only supports integrity and authenticity but no confidentiality PTP does not currently support IT security functions These are only planned for the next protocol standard For this reason you must still use NTP to ensure secure time synchronization Another...

Page 23: ... short The accountability is given through a detailed syslog of the actions performed by every user or process However the log files can be changed later by root or super users For this reason the system cannot guarantee the non repudiation The most possible availability of the services is realized through current updates and IP banning For more protection implement web application firewalls and t...

Page 24: ...sfully the first thing to do is to check if it exists a new firmware version see section 6 6 for update instructions After the update is performed generate or inject a ssl certificate This example uses a new one Figure 6 4 shows the button to start the generation Figure 6 4 Generate SSL certificate step 1 On the next step you have to enter the information needed for the certificate see also chapte...

Page 25: ...If both certificates are identical you can go ahead with step five to confirm the confidence of the LANTIME certificate Modern browser configurations will show you that the connection is not safe when you use a self signed certificate Because of this behaviour we recommend the implementation of a public key infrastructure to avoid the warning Also make sure that you use a Subject Alternative Name ...

Page 26: ...t and local console under Security Front Panel if desired In addition you can set the remote access control to white listed IP addresses that are allowed to connect to the web interface Hint The Remote Access Control does not take effect for SSH connections Figure 6 9 shows the menus Figure 6 9 Deactivation of root and front panel The timeout for web sessions is configured on the Security tab unde...

Page 27: ...ion via SNMP you have to use version 3 and the authPriv mode The additional parameters of version 3 are the user name security name the access rights the authentication and privacy protocol algorithms Use SHA and AES as algorithms As usual longer passwords are preferred Start the SNMP service on Network Network Services tab afterwards Figure 6 11 SNMP options LANTIME CPU Expansion Shelf Date 2nd J...

Page 28: ...User Super Users are allowed to do everything bash access included Admin Users are allowed to do everything that is on the web interface but no operations that would grant super user rights Info Users are just allowed to see all non security relevant informations in the web interface To create a User use the form that is shown on Figure 6 12 Super Users can create all user types The Admin User can...

Page 29: ...ministration under Add External Authentication Server Look at Figure 6 15 for the input options You have to enable External Authentication first Afterwards choose radius or TACACS from the drop down menu and insert the hostname the previously exchanged key and the correct port From now on you are able to login with the external authentication mechanism At first the system checks the external serve...

Page 30: ...tomatically generate the keys by the system MD5 and SHA1 keys will exist in the key file However for the highest security currently available AES128 CMAC keys have to be used These cannot be generated automatically yet Figure 6 16 shows example keys The key IDs have to be added to the trusted keys on General Settings menu point of NTP tab see Figure 6 17 On NTP Restrictions menu you can deactivate...

Page 31: ... and 6 20 The configuration file of a client is shown in Figure 6 21 It contains the path to the key file the trusted key IDs and the server IP which uses the key with ID 1 in this example Figure 6 18 External server configuration Figure 6 19 Broadcast configuration LANTIME CPU Expansion Shelf Date 2nd July 2020 27 ...

Page 32: ...event log informations on a central server to correlate and check them for anoma lies Be aware of potential security related information leakage due to the lack of encryption for services other than SNMPv3 The chapter LTOS Management and Monitoring Via Web GUI Notification describes the configura tion options for the transport channels If you use SNMP v3 with selected authPriv security level SNMP ...

Page 33: ... checked during the Preflight Checks test directly after upload If this test detects a faulty signature a warning is displayed If this happens download the new firmware from the Meinberg web site again and repeat the process In case of repeated warnings please contact the Meinberg support In the next step you have to confirm the update and activate the new firmware like in Figure 6 23 The update w...

Page 34: ...h cfg defines which configuration file the SSH service should use In factory configuration the file contains the following entry SSHD CONFIGFILE etc standard sshd_config If the file etc standard sshd_config is defined as an SSH configuration file this file is updated during a firmware update If the file etc ssh sshd_config is entered an own configuration can be created in this file which is not re...

Page 35: ... the web interface as shown in 6 25 resets all custom configuration settings in the current startup configuration except the network settings In detail this means that your certificates credentials SNMP NTP and SSH keys among others will be lost Configurations previously saved under a different name are retained even in the event of a factory reset If desired these configurations must also be dele...

Page 36: ...as to be set to VT100 After connecting the LANTIME the login message appears press RETURN for initial connection After the connection is successfully established use your login credentials in the welcome screen to enter a console Welcome to Meinberg LANTIME login _ Default settings are Login root Password timeserver It may be the case to press a RETURN button again After successful registration ch...

Page 37: ...P Autoconf further configu ration changes can be done via a network connection Note If the system doesn t has a display feature e g LANTIME M100 goto chapter LANTIME Setup Wizard in this manual To set up a TELNET connection the following commands are entered telnet 198 168 10 10 LANTIME IP Default User root Default Password timeserver To set up a SSH connection the following commands are entered s...

Page 38: ...essages Statistics NTP MRS Performance NTP Access Extended Statistics MRS external reference input signals Documentation Manuals support information The field in the lower section shows the last messages of the system with a timestamp added The newest messages are on top of the list This is the content of the file var log lantime_messages which is created after every start of the system and is los...

Page 39: ...onfiguration and status parameters of the sys tem including general information model name serial number uptime since last reboot assigned network and PTP interfaces both in IPv4 or IPv6 configuration receiver status information sync or not for GNSS receivers some additional satellite data SHS Secure Hybrid System status in redundant receiver configuration which provides a plausibility mode where ...

Page 40: ...re is an icon showing a doctor s stethoscope linked with a diagnostic file of the system which includes all the necessary data for diagnostic and troubleshooting of the device By clicking this icon a current diagnostic file will immediately start to download for you to save it to your local computer for a further use The downloading can take up to 60 seconds depending on the file size which can be...

Page 41: ...ou need to confirm the setting by clicking the Save Settings button at the bottom of the page By doing so and if the setting has been carried out successfully you will receive a dialogue in the Main Menu with a confirmation message written on a green field At the same time when a new configuration has been applied a log message will appear in the list of last messages in the Main Menu saying Devic...

Page 42: ...guration then you select Discard current configuration button when the message on a yellow bar appears Each entry you fill in in the provided dialogues is checked for plausibility for that particular field If you for example used wrong characters e g letters in the IP Address configuration or any special characters which are not allowed or you provided an invalid network configuration then you wil...

Page 43: ...his field is used to configure the network domain name A network domain name is a text based label easier to memorize than the numerical addresses used in the Internet protocol e g meinberg de Nameserver1 IP Address of the primary DNS Server in the network The DNS server is used to resolve IP addresses as well as hostnames in a network Nameserver2 An alternate nameserver can be defined here LANTIM...

Page 44: ... The following service states are possible A service has been activated for at least one virtual interface and is active Service has not been activated for any virtual interface and is therefore stopped The following services are supported by the LANTIME NTP Network Time Protocol UDP Port 123 HTTP Hyper Transfer Protocol TCP Port 80 HTTPS Hyper Transfer Protocol Secure TCP Port 443 TELNET Teletype...

Page 45: ...d and to configure them accordingly Monitor Interface As soon as one of the selected network ports has no link this status will be indicated by a red Network LED on the front panel and the Network Link Down event will be reported If a network link is available on all selected ports the Network LED on the front panel will light up green Bonding Here 2 or more physical network ports can be grouped i...

Page 46: ...P can also be conveniently set via the web interface menu Network Physical Network Configuration Select the same PRP group for at least two interfaces in the drop down menu Bonding IPv6 Mode Activation or deactivation of the IPv6 protocol MAC Address Media Access Control shows the MAC address of the given physical interface Assigned Virtual Interfaces Indicates which virtual interfaces are assigne...

Page 47: ... be created The new interface is assigned by default to the physical port lan0 and is added at the end of the row of the existing virtual interfaces The assignment can be changed in the Miscellaneous tab Submenu IPv4 In this submenu the IPv4 parameters can be configured or the current configuration given by the DHCP server can be displayed TCP IP address IPv4 Address of the given interface Netmask...

Page 48: ...Button Deletes the currently selected virtual interface MAC Address Displays the MAC address of the assigned physical network port Label Individual text description of the interface alias Submenu VLAN Enable VLAN Option Activation of the tagged VLAN function for the selected virtual interface VLAN Tag 0 4094 VLAN tags from 0 4094 can be entered here The selected tag is inserted into the data area ...

Page 49: ...source or any other failure occurs another NTP server from the cluster takes over the master role The current master responds to requests from NTP clients via a common cluster IP Even if the master is replaced by another NTP server this IP does not change The configuration of a NTP cluster is useful if at the side of NTP clients only one IP address for an ex ternal NTP server can be configured and...

Page 50: ... messages TCP IP Address IP address of the NTP cluster interface The same cluster IP needs to be configured on all cluster members It is recommended to configure a cluster IP in the same subnet as the corresponding virtual interface Netmask Netmask Configuration for the cluster interface Priority The priority set here is taken into account when the MASTER is determined by the cluster algorithm The...

Page 51: ...figuration two or more physical network ports can be grouped into a bond group The Bonding Mode is used to configure either the ACTIVE BACKUP or the LACP mode Link Aggregation Control Protocol which are supported on the LANTIME ACTIVE BACKUP One physical interface in the bonding group acts as an active slave All network traffic of a LANTIME Bond runs through this interface The other physical inter...

Page 52: ...uration In the Extended Network Configuration a bash script can be edited which is executed automatically each time the LANTIME is rebooted or a network related configuration changes 48 Date 2nd July 2020 LANTIME CPU Expansion Shelf ...

Page 53: ...nitoring 9 1 3 Notification 9 1 3 1 External Syslog Server All information which is written into SYSLOG var log messages on the LANTIME can also be forwarded to a remote server LANTIME CPU Expansion Shelf Date 2nd July 2020 49 ...

Page 54: ...itch off the pingcheck via the manual network configuration To proceed navigate as described down below System Page Services and Functions Manual Configuration Network Configuration Enter the value NO for the Parameter SYSLOGPINGCHECK and save the new settings Minimum Log Level Log Level Configuration Transport Protocol Transport Protocol Configuration UDP connectionless transmission TCP connectio...

Page 55: ...dress of the sender Smarthost To send the e mails you require a smarthost relay server Please enter the server address here Port Network port configuration Default setting is 25 because the SMTP Simple Mail Transfer Protocol uses TCP Port 25 as standard Activate Authentication Many mail servers require a valid authentication Checkbox Please check mark the box to activate it Username Password Pleas...

Page 56: ...nu Notifications you can select the system events for which the LANTIME has to send an SNMP Trap SNMP Trap Receiver IP address or hostname of the SNMP trap receiver Community SNMP Read Community of the Trap Receiver Version SNMP version to use Number of Retries Specifies the value a lantimes retries to send a Trap Timeout Connection timeout value 52 Date 2nd July 2020 LANTIME CPU Expansion Shelf ...

Page 57: ... any characters as scrolling text All LANTIME alarm messages can be displayed as text messages on the display In the submenu Notifications you can select the system events which are to be sent to the display by the LANTIME A message appears three times in succession as a scrolling text on the display Display IP Addres of the network display Serial number You have to enter the correct serial number...

Page 58: ...an be created via the User defined notification menu item This script can be viewed and edited via the button Notification Edit Upon delivery this script contains a few comments In the submenu Notification Events you can select the system events on which the script should be exe cuted 54 Date 2nd July 2020 LANTIME CPU Expansion Shelf ...

Page 59: ...an SNMP trap to the configured SNMP trap receivers to report itself as alive and active The SNMP OID of the trap is 1 3 6 1 4 1 5597 30 3 0 88 mbgLtNgTrapHeartbeat Activate Heartbeat The heartbeat can be activated via this checkbox Heartbeat Intervall m Heartbeat interval in minutes LANTIME CPU Expansion Shelf Date 2nd July 2020 55 ...

Page 60: ...Trap Receivers DISP Shows the notifications on the configured network displays see chapter VP100 NET Display Information USER Activates the user defined script see chapter Notifications ALED When the event occurs the alarm LED of the LANTIME will light up RELAY When the event occurs the error relay at the LANTIME is set to ERROR see chapter Error Relays 1 Information 2 Alarm 3 Last change Automati...

Page 61: ...ers a permanent error in the system If modules are intentionally removed the Reset IMS Error button at the bottom of the event table is available in the Notifications submenu With this button all registered IMS errors can be reset LANTIME CPU Expansion Shelf Date 2nd July 2020 57 ...

Page 62: ... Warning or Critical Receiver module is not sync Ref Clock Messages CLK NR Sync Info event Receiver module is synchronous to its time source Antenna Faulty Critical No antenna or sufficient signal was detected Ref Clock Mes sages Antenna Reconnect Clearing event Antenna signal was detected by the LANTIME Antenna Short Circuit Critical Short circuit at the antenna con nection Ref Clock Messages Dev...

Page 63: ...eeded Ref Clock Messages XMR Reference Disconnected Critical A configured MRS time source is no longer available Ref Clock Messages XMR Reference Detected Info or Warning A configured MRS time source is available XMR Reference Changed Info or Warning The active MRS source has changed Network Link Down Critical No network connection on one of the LAN ports Network Mes sages Network Link Up Clearing...

Page 64: ...sted Clearing event Internal oscillator runs stably and is completely adjusted Oscillator Not Adjusted Info event Internal oscillator is not adjusted Ref Clock Messages Cluster Master Changed Warning The master of a LANTIME NTP cluster has changed Cluster Falseticker detected Warning An NTP falseticker was detected in the cluster compound Cluster Falseticker cleared Clearing event Previously detec...

Page 65: ... Monitoring Event Severity Levels according to X 733 Description NTP Offsetlimit OK Info event Maximum NTP offset not ex ceeded Sync Monitoring Table All Notification Events LANTIME CPU Expansion Shelf Date 2nd July 2020 61 ...

Page 66: ...emote Access Control In this configuration file you can configure an access control for the LANTIME web interface based on the IP protocol In this file you can enter the IP addresses to be allowed to access the Web interface After the first en try access to all other clients is automatically blocked Individual client IPs or entire subnets can be configured Shell Timeout Defines a timeout in second...

Page 67: ...front panel is deactivated and connected USB sticks can not be detected Checkbox Automatically save and apply configuration which was uploaded via USB interface You can install a previously saved configuration on your LANTIME via the USB stick menu if you have activated this check box the uploaded configuration will be taken over directly as the start configuration Checkbox Automatically activate ...

Page 68: ... each interface in the network settings read also the configuration chapter 9 1 2 3 Web GUI Network Network Services Key Length Bits Determines the key length for a new key to be generated Generate SSH Key Generates a key pair consisting of a public and private key in configurable length Show SSH Key You can use this button to display the public SSH keys of a LANTIME 64 Date 2nd July 2020 LANTIME ...

Page 69: ...certificate installed on the LANTIME which is not signed by a Cer tificate Authority CA Therefore some web browsers will state that the connection is not secure If you want to install a certificate which was signed by a trusted Certificate Authority the Upload SSL Certificate button can be used More details on this in the following instructions Generate SSL Certificate Allows to create a new self ...

Page 70: ... After uploading the signed certificate this previously generated private key will be used If the submitted and signed certificate was not generated on the LANTIME then the PEM file must contain the private key and the certificate itself The content of the private key starts with BEGIN RSA PRIVATE KEY and ends with END RSA PRIVATE KEY the certificate itself starts with BEGIN CERTIFICATE and ends w...

Page 71: ...d SSL Certificate If your signed certificate has not been generated on the LANTIME then it must be stored together with the private key in the file etc http pem The key has to be enclosed by the lines BEGIN and END RSA PRIVATE KEY as shown above The multi level chained certificates can only be imported via the command line or a file transfer After these certificates have been saved the web server ...

Page 72: ...MP MIB The files named MBG SNM P ROOT MIB mib and MBG LANTIME NG MIB mib need to be used to monitor a LANTIME V6 system see also configuration chapter Web GUI System Services and Functions By default the SNMP service is not activated on a LANTIME V6 system The service can be activated on each interface at the Network page Network Services see also configuration chapter Web GUI Network Network Serv...

Page 73: ...ty string is incorrect the SNMP SET command is not executed V3 Parameter Security Name SNMP V3 User name Security Level Messages can be sent unauthenticated authenticated or authenticated and encrypted by setting the Security Level to use noAuthnoPriv unauthenticated and unencrypted authNoPriv authenticated and unencrypted authPriv authenticated and encrypted Engine ID Within an administrative dom...

Page 74: ...m Authentication Passphrase User passphrase that must be at least 8 characters in length Privacy Protocol The protocols used for Encryption are DES Data Encryption Standard and AES Advanced Encryption Stan dard Privacy Passphrase A passphrase which is used when encrypting packets It must be at least 8 characters in length 70 Date 2nd July 2020 LANTIME CPU Expansion Shelf ...

Page 75: ...e measurements are forwarded to the SHS mode if this is enabled Similar as in LANTIME systems with SHS the alarms can be triggered when a difference of the two signals exceeds the configured time limit settings and the NTP service should be configured to stop SHS Mode The SHS mode can be selectively enabled or disabled via this selection box If the SHS mode is disabled no time comparison takes pla...

Page 76: ...ror Here you can decide if the NTP service is to be terminated at the Critical TimeLimitError In this case requesting NTP clients would no longer receive a response from the time server 72 Date 2nd July 2020 LANTIME CPU Expansion Shelf ...

Page 77: ...xternal network as Stratum 1 The setting Stratum Level when Unsynchronized is used to configure the stratum value by which the server presents itself in the network when a reference time source is not avail able This value does not take an effect until the configured NTP Trustime for the internal reference clock has expired and no further time sources such as external NTP servers are available Dis...

Page 78: ... server is lost c If NTP of the LANTIME with activated Disable Stratum Change function changes from its internal reference clock to an external NTP server with Stratum 2 the Stratum of the LANTIME will change from 1 to 3 NTP Trustime This setting defines for how long NTP should trust the internal reference clock of a server after this has become asynchronous The status of an asynchronous reference...

Page 79: ...ing and Management Clock Oscillator Type Then you can define an offset from which the NTP should lose its stratum or the trust time A list of oscillators available for Meinberg reference clocks https www meinbergglobal com english specs gpsopt htm Local Trusted Keys In this field you can enter the IDs of the symmetric keys which shall be used for the authentication If you have more than one key th...

Page 80: ... Symmetric Keys on the NTP page b Additionally you must enter the ID into the field Local Trusted Keys under NTP General Settings c The same key with the same ID must be configured on the external server Minpoll and Maxpoll not supported on devices which support the MRS feature With these settings you can set the minimum and maximum polling interval query cycle for a given external server NTP star...

Page 81: ...her priority is available Due to this particularity the configuration possibilities for external NTP server are different The parame ters Minpoll Maxpoll and Iburst cannot be configured on a LANTIME MRS For a LANTIME MRS you can adjust the default polling interval of 32 seconds via the manual configura tion of the server To proceed follow this menu navigation Web Interface System Page Services and...

Page 82: ...hich is to be used for authentication with the NTP clients The following must be respected to make the authentication work a The NTP key file of the server must contain the ID You can edit the key file in the submenu NTP NTP Symmetric Keys on the NTP page b Additionally you must enter the ID into the field Trustable Keys under NTP General Settings c The same key with the same ID must be configured...

Page 83: ...red TimeToLive TTL value determines how many hops NTP packets can pass in the network Each network hop reduces this value by 1 When the value reaches zero the network packet is dropped Symmetric Keys For NTP Multicast an authentication is recommended but not mandatory However if the authentication is configured on the server side it is also necessary to do so on the client side In the field Symmet...

Page 84: ...d to use authentication methods Enable Manycast It activates the Manycast Feature Manycast Address Address field for entering the manycast address mutlicast address space The Multicast Address Range is as follows Ipv4 224 0 0 0 239 255 255 255 Ipv6 Every FF00 8 Address Symmetric Keys For NTP Manycast a key method for authentication is recommended but not mandatory However if the authentication met...

Page 85: ... the NPT Key file trustedkey 1 The Key ID which is used for the authentication manycastclient 224 0 1 2 key 1 The Client listens on the Multicast Address 224 0 1 2 and uses the key with ID 1 for authentication LANTIME CPU Expansion Shelf Date 2nd July 2020 81 ...

Page 86: ...n between a LANTIME and my NTP clients 1 Add the keys which are to be used to the key file of the server The following is a representative ex cerpt from the key file of a server 1 M f294fa0 MD5 key 2 MD5 BtdW gj2 2M qAIN MD5 key 3 SHA1 094c533b614d9e4bcb6e18a97a7b0e4d459025bd SHA1 key 2 Enter the IDs of these keys into the Trusted Keys field under NTP General Settings for example 3 The following i...

Page 87: ...ask Access can also be allowed for individual IP addresses In order to enable the restricted access the Activate Access Restriction option must be activated here Client IP addresses which are not covered in the allowed IP address ranges will no more receive NTP responses from the LANTIME Ignore NTP Mode 6 and 7 Packets This setting cause that internal information like Access statistics cannot be q...

Page 88: ...nouncement automatically via the GPS signal In the log file of the LANTIME the entry Leap Second Announced is generated when the date of the leap second is received Other synchronization methods do not offer this announcement possibility which can lead to a one second time jump Therefore it is necessary to keep the NTP leap second file up to date on these systems so that a leap second is correctly...

Page 89: ...bility to spoof the NTP time if wanted Attention The use of a Fixed Offset is a violation of the NTP standard and causes standard NTP clients to accept faulty time and to make a time jump accordingly Max Internal Offset s This value in milliseconds specifies a minimum accuracy the NTP service must reach before the server starts to serve time to the clients E g entering a value of 1ms means that th...

Page 90: ...ure is enabled all sub menus will be expanded in each configuration dialogue Automatically Activate Config Changes As Startup Config If this option is enabled each configuration change is immediately added to the startup configuration of the LAN TIME the startup configuration is the configuration that is used when the LANTIME is booted If the option is not activated the following note is displayed...

Page 91: ...nated by pressing the F2 button on the front panel Reset Factory Defaults Resets the LANTIME to factory defaults Attention The network settings are retained during the reset via the web interface If the network settings need to be reset as well the reset must be initiated via the front panel During the reset LANTIME restarts After restarting the LANTIME can be reconfigured with the default user ro...

Page 92: ...S systems in order to obtain a redundant receiver configuration After start up the system remembers the serial connection of the reference clock used If for example an M3000 or M1000 system with built in RSC a second clock will be installed during operation hot plug the Rescan Refclocks button must be pressed to register the new clock so that the serial connection of the second clock will be saved...

Page 93: ...r User level has full read write access to the configuration of the LANTIME system it can modify all parameters and has full shell access to the system when logging in via Telnet SSH or serial console port Administrator level accounts can only modify parameters via the WEB interface but does not have shell access The access level Info can only review status and configuration options but is not all...

Page 94: ...which are available through the WebUI Perform Firmware Update Create a diagnostic file Create a new super user account Review all webinterface configuration values Additional Network Configuration Additional NTP Configuration User defined notifications User List This submenu gives you an overview of all configured LANTIME users By clicking Delete User a single user can be deleted 90 Date 2nd July ...

Page 95: ... is a client server protocol that runs in the application layer using UDP as transport protocol The LANTIME RADIUS authentication requires that each account that should be able to login to the LANTIME has a Vendor Specific Attribute VSA called MBG Management Privilege Level configured This VSA has to be added to the RADIUS configuration of an external authentication server Here some additional Inf...

Page 96: ...unt 300 In the following an example of a tac_plus server configuration file This is the shared secret that clients have to use to access Tacacs key meinberg User Groups group lantime_super_user service lantime_mgmt priv lvl 100 group lantime_admin_user service lantime_mgmt priv lvl 200 group lantime_info_user service lantime_mgmt priv lvl 300 User LANTIME Super User user tacacs_su member lantime_s...

Page 97: ...IPv4 and IPv6 are supported Shared Secret A shared secret is used for a basic authentication between a LANTIME and the authentication server The shared secret of the external authentication server has to be entered in this field A list of allowed signs which can be used for the shared secret you can find in the chapter Before you Start Port Depending on the authentication method the default port i...

Page 98: ...rds will be allowed A secure password needs at least one lower character a z one upper character A Z one digit 0 9 one special character A list of allowed signs which can be used as special characters you can find in the chapter Before you Start Users must change password periodically Users will be forced to change passwords at regular intervals If a password is expired the user can not log in to ...

Page 99: ...g the additional status information on the built in reference clock Show Process List Displaying of all currently running processes Show Reboot Log Displaying the reboot logs stored in mnt flash data reboot log The log file contains information about past system reboots Show Time Related Messages Displaying the file var log lantime_messages Show Device Options Displaying additional system paramete...

Page 100: ... is displayed during installation The following is an excerpt of possible warning or info messages Running Preflight Checks Checking digital signature of file WARNING Could not verify digital signature of update file Error invalid file format type WARNING This file does not seem to have been digitally signed please double check that it is a valid update file and has not been corrupted modified INF...

Page 101: ...om all LANTIME servers The file format of the diagnostic file is a tgz archive The archive contains all the important configuration and logfiles In most support cases it is the first action to ask the user to download the diagnostic file because it is very helpful to identify the current state of the LANTIME and to find possible errors LANTIME CPU Expansion Shelf Date 2nd July 2020 97 ...

Page 102: ...load button in order to download a file Additionally more than one Firmware version can be archived on the LANTIME If an updated version is not corresponding correctly in the environment then it is possible to reactivate one of the established versions again on the LANTIME Remove unneeded Versions With this button all unused firmware versions can be deleted Only the active firmware and the OSV Ori...

Page 103: ...page in the web interface Note This setting does not affect the time which is provided by the LANTIME through NTP PTP serial time strings or IRIG Exception In the case NTP is configured to provide local time instead of UTC you need to configure the exact local time zone here in the display time zone setting This setting is then used for NTP as well Edit Time Zone Table The button Edit Time Zone Ta...

Page 104: ... with daylight saving max 4 letter CEST 3 Field Day of week of changeover to daylight saving time 0 Sunday 4 Field Date of changeover to daylight saving time dd mm 25 03 Changeover will take place at the first Sunday starting from 25 03 5 Field Sign or Add or subtract offset from UTC 6 Field UTC Offset daylight saving hh mm 02 00 7 Field Time of changeover 02 00 8 Field Abbreviation of standard ti...

Page 105: ...perature threshold On In this mode the fans run permanently Off In this mode the fans are permanently turned off Temperature Threshold C Specification of the system temperature threshold in degrees Celsius The configured temperature value is taken into account for control of fans when the fan mode Automatically is selected Status Fan 1 Status display of the 1st fan Status Fan 2 Status display of t...

Page 106: ...er supply is sufficient to supply this system If the value is greater than or equal to 50W two power supply units are required for supply or three active power supply units are required to ensure redundancy The Redundancy field is set to Available if the Available Power minus the Current Power is greater than or equal to 50W The Overload field always displays No as long as the Current Power is les...

Page 107: ...he blue line and the secondary Y axis on the other hand illustrate the frequency ad justment of the oscillator which is built on the CPU by the ntpd in PPM to adjust the system time to the reference time source The minimum and maximum measured value of the frequency deviation and offsets can be read in the up per right corner Available Log Files You can select the available log data via the dropdo...

Page 108: ...2 Statistics This graphic is only available if the LANTIME is equipped with a PTP module which is configured as PTP SLAVE The red line shows the time offset between the time of the built in reference clock and the incoming PTP signal in micro s The blue line shows the path delay determined by the PTP module 104 Date 2nd July 2020 LANTIME CPU Expansion Shelf ...

Page 109: ...e per second PPS signal either indirectly via the PPS reference clock driver or directly via a kernel interface The peer is a candidate for synchronization The server is not suitable for synchronization x The server is detected as a falseticker and not suitable for synchronization The server is a survivor but not among the first six servers The peer is discarded as unreachable or synchronized to t...

Page 110: ...hanges more or less depending on the characteristics of the network during the polling of external NTP sources at each time comparison and the calculated time offset also varies For this reason the results of successive time comparisons are filtered by calculating weighted mean values for packet run time and time offset The deviations of the individual values from these mean values are referred to...

Page 111: ...fies when the client requested the time from the LANTIME Avg Interval Interval Average time in seconds between two NTP requests Rstr Shows if there are active Restrict Flags for this remote IP R Indicates whether the Rate Control is active or not M NTP package identification 0 reserved 1 symmetric active 2 symmetric passive 3 client 4 server 5 broadcast 6 NTP control message 7 reserved V NTP Versi...

Page 112: ...ANTIME using the NTP Query Tool ntpq The ntpq is executed with the following parameters clockvar associations readvar More information about the query tool can be found in the NTP documentation at http doc ntp org current stable ntpq html 108 Date 2nd July 2020 LANTIME CPU Expansion Shelf ...

Page 113: ... the IP protocol is taken into account Available are IPv4 IPv6 or both versions in combination Available Log Files If the client logging is activated log files for display are provided at this point Select the desired daily statistics from the selection box and use the Show button to display the statistics You will then receive a list of clients as well as other statistics A click on Details will ...

Page 114: ...e a Sync Monitor node can be located basically anywhere in the network but most probably as close as possible to the slaves to be able to measure their actual accuracy At the same time you can monitor also the performance of a GM and measure the potential network asymmetry which is present in the link between a GM and the Sync Monitoring Node It is possible to configure up to 1000 nodes for monito...

Page 115: ... To structure the table the group mode can be selected by pressing the Grp button on top of the first column then all nodes with the same group number will be gathered to one line and can be opened separately The status on the WEB interface will be updated automatically every 10s In the Sync Monitor Status and Configuration dialogue you can add new members for measuring their accuracy and monitori...

Page 116: ...ing instance is always available and is not dependent on HW configuration of the LANTIME system It can monitor native NTP nodes only which are responding to NTP client requests Note A NTP client that is using the Windows Time Service W32Time does not respond to NTP client requests per default configuration W32Time needs to configured to act as client and server at the same time Otherwise the node ...

Page 117: ...t the same time with the HPS card If HPS is configured see Lantime PTP configuration as monitoring device this is only possible if HPS has a 1024 clients license at minimum then multiple PTP nodes can be monitored with the network port of the HPS card Then that monitoring instance can monitor PTP nodes supporting protocols PTP with TLV proprietary for a Meinberg Sync Node PTP with MGMT defined in ...

Page 118: ...gnal you want to monitor Options available are GNSS GPS NTP PTP PPS IRIG 10MHz E1 2048kHz depending on HW options see Clock tab in the Web interface PIO This monitoring instance can monitor PPS and Freq nodes with Programmable Input Output PIO card From a drop down list you can select which particular signal you wish to monitor This depends on the configuration of the PIO card Options available ar...

Page 119: ... column then all nodes with the same group number will be gathered to one line and can be opened separately Request Interval s Interval in seconds by which a monitoring node sends monitoring requests to the slaves clients The min request interval is 1s the max is 3600s A default interval is 64s If the Request Interval is disabled 0 then no requests will be sent to the nodes and no data will be log...

Page 120: ...ncMon and compare the output of openssl x509 noout fingerprint sha256 inform pem in etc https pem This is to make sure that this is the correct device Then configure Username and Password to read Config from external SyncMon the current configuration of external SyncMon will be read via curl Also you have to configure the WEB access protocol HTTP or HTTPS and if you want to use a CA Certificate Bu...

Page 121: ...ing The parameters for request and log interval will be take over from the external configuration Location and the Group index can be configured for all selected nodes The default Location will be SyncMon plus the IP address The Alias names for the external SyncMon nodes will be the original Alias name plus IP address It is recommend to use a non used Group Id for all nodes of an external SyncMon ...

Page 122: ...elow Limit With the option Offset Limit s Trigger Counter the Event will be triggered once after number of limit exceeded in a row Stratum Limit Threshold value for a NTP stratum level If the stratum level of a monitored client is higher than the configured stratum limit it will generate an alarm sent by eMail SNMP trap or to an external syslog server With the option Stratum Limit Trigger Counter ...

Page 123: ...ix offset for graphic monitoring only Hide Min Max MTie filled curves in Graphic If the request interval is lower than the log interval additional values for Min and Max will be stored in the logfiles These Min Max values will be displayed as a filled curve in a gray color behind the logged offset curve This feature can be disabled Hide this Node in SyncMap You can disable a specific node in the S...

Page 124: ...f IP Address to scan This parameter will set a number of IP addresses which will be scanned To each IP address from the IP Range a separate NTP packet request will be sent If a NTP client answers to this request and its IP address has not yet been configured then this node will appear in the table With Manual IP range entry an other size of the range can be defined Scan for NTP Nodes via Main CPU ...

Page 125: ...messages that follow The result will be displayed as a list of all available PTP nodes Each new PTP Node will be entered in an overview table of the available nodes Only new nodes which have not yet been configured will be shown in the table For each node the PTP UUID MAC Address IP Address Vendor name Feature if a node supports PTP with extended TLV for monitoring or PTP management messages only ...

Page 126: ... graphical representation Offsets are collected for each NTP PTP or other monitored node and can be depicted as graphical repre sentation for selectable time intervals in the web UI of the SyncMon node The monitored data are continuously saved on the Sync node Base Path for logfiles for current day and will be saved automatically to the Flash Card Base Path for logfiles for history of days at chan...

Page 127: ...to display the graph with the selected time range For other options it is also possible to go back to see data in the past Y Range Different options available auto scale or fixed Y ranges in decade intervals 100ns 1us 10us 100us 1ms 10ms and 100ms Update Interval Automatically update of the current graph can be activated from 1s up to 1 hour For NTP nodes it is possible to view a graph either as r...

Page 128: ...n Max curve Zoom X Y Range To zoom in and out the Y Range position the mouse cursor on the Y axis and scroll with the mouse wheel to zoom in and out When pressing the mouse button once on the Y axis this will be reset to the selected Y Range When pressing the mouse button and moving the mouse up and down the Y axis will be moved up and down To zoom in and out the X Range time line position the mou...

Page 129: ...selected node This can be used to read the current values via WEB access wget or curl from an external program The JSON format is as follows LastConﬁgChange 0 NodeName 172 27 100 57 LogTime 1559025024 Status 1 LastErrorCode 0 PathDelay 0 000002693 SyncMon_Data LastLogValues MedianOffset 0 000048733 RawOffset 0 000050076 OffsetLimit 0 000000000 Edit Button With the Edit button all graphical paramet...

Page 130: ...on monitoring statistical values over the selected time frame a graphical diagram and optional a full sync map related to the monitored node Figure Generated report for a selected node The report includes a status information of the selected monitored nodes monitor configuration main monitor statistics and graphical diagrams Back button in Graph view When choosing the graphic page the Back button ...

Page 131: ...he flash memory card gets full the older logs will be overwritten Figure Error Log Messages for a selected monitored node At the bottom of the page there is a button Show Global Error Logs by which you can switch to view all Error Messages coming from all monitored nodes With Clear Error Logs all log entries will be removed With Error Log Statistics an overview of logs of all nodes will be display...

Page 132: ... In case of Offset Limit exceeded and not reachable an icon with the count of events will be shown in the table of monitored nodes in the Events column These events will be updated automatically every 10s With the Reset Events button which can be found above the overview table you can reset the current counter for the events These events are shown also in the SyncMap 128 Date 2nd July 2020 LANTIME...

Page 133: ... none of nodes has been primarily selected than graphical diagrams of the current day will be shown in a thumbnail form for all nodes in the table Along with the graphical diagrams also the status information and statistics over the current day measurements will be displayed Show overview of the time range If none of nodes has been primarily selected than graphical diagrams of the selected time ra...

Page 134: ...ameter for selected nodes For the selected nodes you can set or edit a list of monitoring parameters at the same time When you select this feature the configuration dialog will show up where you can re configure any of the parameters The new configuration will be applied to all the nodes you have selected for this action after you confirm with the Apply to Nodes button Duplicate selected nodes The...

Page 135: ...ension Signal Input IMS card The goal is to visualize an absolute offset of monitored nodes in terms of predefined offset limits The data can be shown according to the current offset status or over a selectable time range e g one day It is also possible to animate the dynamic behavior of the monitored nodes of the last 60min where SyncMaps are generated automatically every minute This mode is call...

Page 136: ... a circle with a color inside 3 that corresponds the status and an outer ring 4 that corresponds its type Status green Offset Limit red Offset Limit or outside the maximum scaling Type yellow NTP dark blue PTP with TLV light blue PTP with Management Msgs green ESI PPS grey not available Additionally the statistical values the standard deviation 8 is represented as circle segments These values repr...

Page 137: ...ncMap The following picture shows a SyncMap of a network with 250 monitored NTP nodes running on a Sync Fire This is a real measurement of our Test Network for burn in tests in the Lantime production The red signed nodes are DCF77 receivers with no compensation of the distance between a transmitter site and a receiver Figure An example of a Sync map with 250 nodes LANTIME CPU Expansion Shelf Date ...

Page 138: ...rval respectively Scaling possible scaling options decade steps or linear for different time accuracy ranges For PTP nodes it may be suitable to use scaling in lower microsecond range whereas for NTP you can select ranges in a few 100microseconds or millisecond range Refresh Button Immediately refreshes the Sync Map based on the currently available statistics of each single node A new SyncMap with...

Page 139: ...fines the sign of the average yellow negative blue positive 3 A measured node its color inside corresponds to its status 4 Outer ring which corresponds the type of the node 5 Event counter for Node not reachable 6 Event counter for Node Offset Limit exceeded 7 If Event counter 0 then this slide is dark red If Event counter 0 the Standard Deviation is light red or light blue 8 Standard deviation me...

Page 140: ...stem Parameters dialog If the System Monitoring is enabled then all signals will be measured and logged automatically in the same way like Node Monitoring namely System Monitoring page will be visible Figure An overview table for internal signals as shown in the System Monitoring page The system signals you wish to monitor need to be first selected in the Source Priority list for each reference cl...

Page 141: ...ignal combined 10 MHz plus PPS IRIG input Network Time Protocol NTP Precision Time Protocol PTP IEEE1588 fixed frequency 1 PPS in addition to time string variable input signal via GPIO DCF77 PZF providing much more accuracy than a standard LWR long wave receiver e g DCF77 AM WWVB MSF JJY GNSS receiver Local_Diff CLK1 CLK2 RSC Auto Manual Mode For each refclock Refclock State MRS SubState Refclock ...

Page 142: ...ets on UDP port 123 of all available network interfaces This statistic is displayed graphically in the table System Monitoring under Local_NTP_Counter The red line shows a value of the received NTP packets within a selected time period 138 Date 2nd July 2020 LANTIME CPU Expansion Shelf ...

Page 143: ...ll monitored nodes Global Error Log gives the option to track all error events Error Log Statistics categorization of error logs for each specific node Clear Error Logs deletes the list of logged errors Figure Error Log Statistics LANTIME CPU Expansion Shelf Date 2nd July 2020 139 ...

Page 144: ...all files on the flash storage belonging to SyncMon will be removed without a backup 9 1 8 13 Send Monitoring Data to external SYSLOG Server as a Backup In SyncMon Menu in the Web Interface menu System Settings External Syslog Server Configuration you can configure up to 3 external Servers where the measured data is sent at each log interval via the SYSLOG protocol On the external server has to ru...

Page 145: ...unning as per default on a port 514 Name of this SyncMon device you can monitor your network by different Sync Monitoring devices You can give them unique names to recognize it easily in the database server where the data come from The Meinberg Standard Format corresponds to the SyncMon data format stored in a file system on a LANTIME This will be later used for the SyncMon Manager The SyncMon Man...

Page 146: ...og you can configure the target servers where you want to store your data RSYNC Server Figure External RSYNC server configuration To automatically send data hourly or once a day via rsync you must prepare the ssh key for the external RSYNC server Registration via SSH on LANTIME Check if identities are available in root ssh id_rsa pub If not create an identity with ssh keygen t rsa Save this identi...

Page 147: ...oring of internal signals like CPU Utilization local NTP ESI inputs MRS References and Refclock parameters depending on integrated hardware of the system will be activated By default the monitoring of the system is disabled The measured data of the monitored nodes will be stored in separate directories on a flash disc The base path of the stored data files can be configured by the user therefore i...

Page 148: ...hich supports this option if the PTP node support MTie feature with extended TLVs then the Min and Max values will be stored in the next 2 lines 12 see 11 optional 13 see 11 optional Samples of Monitoring Data stored in the history of days files Example for NTP data files Day Sec Modified_Julian_day_time Raw_offset Median_offs Path_delay Stratum 58043 21705 2017 10 17T06 01 45 00 00 0 000000129 0 ...

Page 149: ...ery full scan of the configured nodes and can be accessed over CLI 172 27 19 11 0 000010202 0 000090331 0 000052625 8 0 1 0 0 0 Normal Operation 172 27 101 90 0 000000000 0 000000000 0 000352269 2 0 0 0 0 3 Error Not reachable 172 27 101 143 0 000000000 0 000000000 0 000000000 0 0 0 0 0 3 Error Not reachable 172 27 19 98 0 000000000 0 000000000 0 000000000 0 0 0 0 0 3 Error Not reachable 172 27 19...

Page 150: ...le type date and size of the documents notes The LANTIME documents can be downloaded from here in order to read print them on your workstation The Support Information chapter gives you all necessary information how to contact the technical support Apart from that it provides a link to the firmwareportal of Meinberg 146 Date 2nd July 2020 LANTIME CPU Expansion Shelf ...

Page 151: ...SA The Meinberg Sync Academy offers and develops tutorials in the field of time and frequency synchronization such as NTP PTP IEEE 1588 and many more This Part of the LANTIME Docs Support Tab provides basic information about the Sync Academy followed by some links to helpful informations on https www meinberg academy LANTIME CPU Expansion Shelf Date 2nd July 2020 147 ...

Page 152: ...hly structured language so that the MIBs from all of the devices on the network can be compiled into the same Manager MIB elements are called Object Identifiers or OIDs They consist of configuration variables status variables tree structure labels and notifications The OIDs can be read or changed using SNMP SET and GET commands There are also recursive commands which allow the Manager to ask for a...

Page 153: ...ority list See an example in the next figure The MRS system above synchronizes first to GPS but if the GPS signal is unavailable the refclock switches to the next time source from the priority list PTP in our case The switch happens only after a trust time of the unavailable time source GPS signal has run out This is to prevent hopping from one time source to another in short time periods If GPS b...

Page 154: ...the most important OID in this subtree to check regularly It informs about the NTP service of your LANTIME There are three states possible Status Description 0 not available See the possible troubleshooting A Check if NTP service is actually enabled at a given LAN interface To check it log in to a webinterface Factory default credentials root timeserver Go to menus Network Network Services and act...

Page 155: ... power supply unit of interest is not in service Check to see if it is damaged and replace it if necessary 2 up The queried power supply module is in operation It is recommended to check this OID every 60 s 9 2 2 4 Misc subtree mbgLtNgEthPortLinkState In the mbgLtNgMisc subtree one can find an EthPortLinkState OID which identifies the status of each physical Ethernet port of a LANTIME Available va...

Page 156: ... is in a standby mode 4 listening The port is waiting for the announceReceiptTimeout to expire or to receive an Announce message from a master 5 preMaster A short transitional state while the port is becoming a master 6 master The port is a current master 7 passive The port is in passive mode meaning there is another master clock active in the PTP domain The port can enter master state when it win...

Page 157: ...7 30 3 0 4 Severity Critical Short explanation trap to be sent when receiver is not responding Reference to other chapters Troubleshooting and Alarming Reference Clock CLK Not Rsponding Cleared By MbgLtNgTrapReceiverNotSync or mbgLtNgTrapReceiverSync SNMP Trap Name mbgLtNgTrapReceiverNotSync OID 1 3 6 1 4 1 5597 30 3 0 5 Severity Error Short explanation trap to be sent when receiver is not synchro...

Page 158: ...cNotSync OID 1 3 6 1 4 1 5597 30 3 0 11 Severity Warning Short explanation trap to be sent when secondary receiver is not synchronised Reference to other chapters Troubleshooting and Alarming Ref Clock CLK Not Sync Cleared By mbgLtNgTrapSecondaryRecSync SNMP Trap Name mbgLtNgTrapPowerSupplyFailure OID 1 3 6 1 4 1 5597 30 3 0 12 Severity Critical Short explanation trap to be sent when one of the re...

Page 159: ...y Clearing event Short explanation trap to be sent when a monitored network port is up Reference to other chapters no further information Cleared By SNMP Trap Name mbgLtNgTrapSecondaryRecNotRespp OID 1 3 6 1 4 1 5597 30 3 0 19 Severity Warning or critical Short explanation trap to be sent when secondary receiver is not responding Reference to other chapters Troubleshooting and Alarming Ref Clock C...

Page 160: ...eared By mbgLtNgTrapSHSTimeLimitOk SNMP Trap Name mbgLtNgTrapSecondaryRecSync OID 1 3 6 1 4 1 5597 30 3 0 35 Severity Clearing event Short explanation trap to be sent when secondary receiver is synchronised Reference to other chapters Antenna and Receiver Information Reference Time Sources Cleared By SNMP Trap Name mbgLtNgTrapNTPSync OID 1 3 6 1 4 1 5597 30 3 0 36 Severity Clearing event Short exp...

Page 161: ...ning on low resources Reference to other chapters no further information Cleared By mbgLtNgTrapSufficientSystemResources SNMP Trap Name mbgLtNgTrapFanDown OID 1 3 6 1 4 1 5597 30 3 0 45 Severity Critical Short explanation trap to be sent when fan goes down Reference to other chapters Troubleshooting and Alarming Miscellaneous Fan Failure Cleared By mbgLtNgTrapFanUp SNMP Trap Name mbgLtNgTrapFanUp ...

Page 162: ...planation trap to be sent when XMR reference source changed Reference to other chapters no further information Cleared By SNMP Trap Name mbgLtNgTrapClusterMasterChanged OID 1 3 6 1 4 1 5597 30 3 0 52 Severity Warning Short explanation trap to be sent when cluster mode is active and cluster changed Reference to other chapters LTOS 6 Managm Mon Web GUI Network Network Interf Cluster Cleared By SNMP ...

Page 163: ...FDMOk OID 1 3 6 1 4 1 5597 30 3 0 58 Severity Clearing event Short explanation trap to be sent when an FDM module returns to healthy state Reference to other chapters LTOS 6 Managm Mon Web GUI FDM FDM Configuration Cleared By SNMP Trap Name mbgLtNgTrapNTPOffsetLimitExceeded OID 1 3 6 1 4 1 5597 30 3 0 59 Severity Error Short explanation trap to be sent when monitoring an NTP client and its offset ...

Page 164: ... explanation trap to be sent when there currently is no power supply backup avail Reference to other chapters no further information Cleared By mbgLtNgTrapPowerRedundancyAvail SNMP Trap Name mbgLtNgTrapPowerRedundancyAvail OID 1 3 6 1 4 1 5597 30 3 0 66 Severity Info Short explanation trap to be sent when there is at least one power supply as backup Reference to other chapters no further informati...

Page 165: ...1 3 6 1 4 1 5597 30 3 0 88 Severity Info Short explanation trap to be sent periodically to indicate that time server is still alive Reference to other chapters LTOS 6 Managm Mon Notifications Miscellaneous Enable Heartbeat Cleared By SNMP Trap Name mbgLtNgTrapTestNotification OID 1 3 6 1 4 1 5597 30 3 0 99 Severity Info Short explanation trap to be sent when a test notification has been requested ...

Page 166: ...the problem NTP Stopped The NTP service stopped Info After every configuration change relevant to the NTP the NTP service is stopped and restarted In this case a message NTP Stopped is written into the system log of the LANTIME Contact the Meinberg TechSupport and provide a LANTIME diagnostic file if NTP Stopped is permanently displayed as NTP status in the front panel or in the web interface NTP ...

Page 167: ...gps antenna distributor htm make sure that the Clock 1 port of the GPSAV4 is attached since the GPSAV4 and the antenna are supplied by power via this port LANTIME with a longwave receiver DCF77 PZF WWVB MSF JJY Check the antenna position LANTIME with TCR reference clock IRIG Check whether the timecode input port at the back of the LANTIME is correctly connected to an IRIG source In the Web interfa...

Page 168: ...nd provide a LANTIME diagnostic file if you need further assistance at solving the problem Longwave receiver DCF77 PZF WWVB MSF JJY Either the antenna or any other input signal has not been detected Check the connections between the antenna and a LANTIME Check the status of the received antenna signal in the main page of the web interface The dis played field strength value should be 40 If this is...

Page 169: ...ently below 4 and the LANTIME can not complete the position determination then refer to the trou bleshooting case for CLK Not Sync Contact your Meinberg TechSupport and provide a LANTIME diagnostic file if you need further assistance at solving the problem GPS Cold Boot In GPS Cold Boot mode the GPS reference clock tries to download the GPS almanac which contains the satellite track data for all s...

Page 170: ...al influences on the oscillator Contact your Meinberg TechSupport and provide a LANTIME diagnostic file if you need further assistance at solving the problem Leap Second Announced LANTIMEs with a GNSS reference clock GPS GLN GNS or long wave receiver DCF77 PZF WWVB MSF JJY send out the Leap Second Announced notification message as soon as they have received the announcement by the reference signal...

Page 171: ...k interface Troubleshooting Additional information Check which ports are physically connected and the link should be available Check for compatible network settings on switch and LANTIME Check the settings for link monitoring via the Web Interface Network Physical Network Configuration Indicate Link on Front Panel LED The LANTIME monitors a link status for the ports where the Indicate Link on Fron...

Page 172: ...l information Check whether the LANTIME is still available over the network try to ping SSH HTTP HTTPS Does a power cycle solve this problem If the LANTIME is still accessible via HTTP HTTPS please download a diagnostic file via the web interface and send it to the Meinberg TechSupport If no connection to the LANTIME is possible contact the Meinberg TechSupport with the serial number of your LANTI...

Page 173: ...ng directory var 1MB free directory var 90 usage RAM Mem free 6MB Troubleshooting Additional information Contact your Meinberg TechSupport and provide a LANTIME diagnostic file if you need further assistance for solving the problem LANTIME CPU Expansion Shelf Date 2nd July 2020 169 ...

Page 174: ...or 3 PPS Input BNC female 2 Refclock Input DSUB 9 conncetor 1 Spannungsversorgung 3 PPS Eingang BNC Buchse 2 Refclock Eingang DSUB 9 Anschluss DEUTSCH Made in Germany http www meinberg de E mail info meinberg de 1 2 3 170 Date 2nd July 2020 LANTIME CPU Expansion Shelf ...

Page 175: ...isk 1 GB Signal 100BASE T Data transmission rate 10 100 Mbit s Connection type 8P8C RJ45 Cable Copper twisted pair e g CAT 5 0 Duplex Modes Half Full Autonegotiaton 0 To connect a serial terminal according to the device model use the RJ45 connector of the LAN CPU Via the serial terminal connection it is possible to con figure parameters with a command line interface You have to use a CAB CONSOLE R...

Page 176: ...works or by using a feature called bonding to configure redundant net work connections note the involved active network components like switches have to support this Output signal 1000BASE T Data transmission rate 10 100 1000 Mbit s Connector Type 8P8C RJ45 Cable Copper twisted pair e g CAT 5 0 There are 7 modes available Autosensing 10 Mbit Half Duplex 100 Mbit Half Duplex 1000 Mbit Half Duplex G...

Page 177: ...mum Power Pmax 50 W Max Wärmeabgabe Etherm 180 00 kJ h 170 61 BTU h WARNING This equipment is operated at a hazardous voltage Danger to life due to electrical shock Only qualified personnel electricians may connect the device Never work with open terminals and plugs while the power is on All connectors must be protected against touching live parts with a suitable plug housing Note Always ensure sa...

Page 178: ...D SUB male 9pol Cable shielded data line Assignment Pin 1 PPS optional Pin 2 TxD Pin 5 GND Refclock In 1 6 5 9 11 5 PPS In Cable shielded coaxial line pulse length 5µs active high Connector BNC female PPS In 174 Date 2nd July 2020 LANTIME CPU Expansion Shelf ...

Page 179: ...ominated biphenyls PBBs and polybrominated diphenyl ethers PBDEs Bis 2 ethylhexyl phthalat DEHP Benzylbutylphthalat BBP Dibutylphthalat DBP Diisobutylphthalat DIBP above the legal threshold WEEE status of the product This product is handled as a B2B Business to Busi ness category product In order to secure a WEEE compliant waste disposal it has to be returned to the manufacturer Any transportation...

Page 180: ...ich this declaration relates is in conformity with the following standards and provisions of the directives RED Richtlinie ETSI EN 303 413 V1 1 1 2017 06 RED Directive 2014 53 EU EMV Richtlinie ETSI EN 301 489 1 V2 2 3 2019 11 EMC Directive ETSI EN 301 489 19 V2 1 1 2019 04 DIN EN 61000 6 2 2019 2014 30 EU DIN EN 61000 6 3 2007 A1 2011 DIN EN 55032 2015 DIN EN 55024 2010 A1 2015 Niederspannungsric...

Reviews:

No comments

Related manuals for LCES

Wireless Mini PCI Module

Brand: E-Tech Pages: 42

Brand: Emerson Pages: 4

Liebert Intellislot IS-WEBCARD

Brand: Emerson Pages: 2

Brand: Emerson Pages: 5

SiteGate-E ARC156

Brand: Emerson Pages: 8

Liebert ICOM-DO

Brand: Emerson Pages: 12

Liebert IntelliSlot WEB/485

Brand: Emerson Pages: 2

Liebert OpenComms-485

Brand: Emerson Pages: 39

Liebert Vertiv RDU-SIC G2

Brand: Emerson Pages: 41

Liebert IntelliSlot IS-WEB485ADPT

Brand: Emerson Pages: 60

TS-269L TurboNAS

Brand: QNAP Pages: 6

Maxtor Central Axis

Brand: Maxtor Pages: 2

VCTnet AirXpress UC11B

Brand: Zida Pages: 53

Brand: Adaptec Pages: 6

Exadata Storage Server X7-2 EF

Brand: Oracle Pages: 284

KCU1250 10GBASE-KR

Brand: Xilinx Pages: 91

Brand: TANDBERG Pages: 53

Brand: Acer Pages: 37

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands